fedora_37 kubernetes-kubeadm 使用候选路径或通道进行的认证绕过

admin

0
文章

0
评论

2023-11-30 05:14:15 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 fedora_37 kubernetes-kubeadm 使用候选路径或通道进行的认证绕过

CVE编号

CVE-2022-3294

利用情况

暂无

补丁情况

官方补丁

披露时间

2022-11-10

漏洞描述

A flaw was found in Kubernetes, where users may have access to secure endpoints in the control plane network. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in the kube-apiserver made it possible to bypass this validation. Bypassing this validation allows authenticated requests destined for Nodes to redirect to the API Server through its private network.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://github.com/kubernetes/kubernetes/issues/113757
https://groups.google.com/g/kubernetes-security-announce/c/VyPOxF7CIbA
https://security.netapp.com/advisory/ntap-20230505-0007/

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	kubernetes	kubernetes	*		Up to (excluding) 1.22.16
	运行在以下环境
	应用	kubernetes	kubernetes	*	From (including) 1.23.0	Up to (excluding) 1.23.14
	运行在以下环境
	应用	kubernetes	kubernetes	*	From (including) 1.24.0	Up to (excluding) 1.24.8
	运行在以下环境
	应用	kubernetes	kubernetes	*	From (including) 1.25.0	Up to (excluding) 1.25.4
	运行在以下环境
	系统	debian_11	kubernetes	*		Up to (excluding) 1.20.5+really1.20.2-1
	运行在以下环境
	系统	debian_12	kubernetes	*		Up to (excluding) 1.20.5+really1.20.2-1
	运行在以下环境
	系统	debian_sid	kubernetes	*		Up to (excluding) 1.20.5+really1.20.2-1
	运行在以下环境
	系统	fedora_35	kubernetes-master	*		Up to (excluding) 1.22.17-1.fc35
	运行在以下环境
	系统	fedora_37	kubernetes	*		Up to (excluding) 1.25.4-3.fc37
	运行在以下环境
	系统	oracle_7	oraclelinux-release	*		Up to (excluding) 1.5.8-4.el7
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 1.5.8-4.el8
	运行在以下环境
	系统	unionos_e	kubernetes	*		Up to (excluding) kubernetes-1.20.2-20.uel20